top of page

Real Challenges Mini-Series #3: Insurance Agency Ponders AI Adoption

  • Writer: Brady Woudstra
    Brady Woudstra
  • Feb 5
  • 2 min read

We're continuing our mini-series on real world cybersecurity and IT challenges. This week, we highlight the risks faced by a progressive insurance agency looking to strategically adopt AI tools.

Adopting AI Without Putting Client Data at Risk


meeeting around table

AI is moving fast, and for many organizations, the pressure to “not fall behind” is very real. But speed without guardrails can introduce serious risk, especially when sensitive client data and internal intellectual property are involved.


That’s where an insurance agency we worked with found themselves. They wanted to explore AI tools thoughtfully, but didn’t yet have a framework to do so safely.


The Problem: Knowing the Risks of new AI Tools

The agency wasn’t short on ideas, they were short on clarity.


They were asking the right high-level questions:

  • Which AI tools are safe to use?

  • What data is acceptable to upload?

  • How do we evaluate vendors beyond marketing claims?


But they lacked a repeatable way to:

  • Vet AI vendors and platforms

  • Understand how data was stored, used, or deleted

  • Compare one vendor’s security posture to another

  • Decide which tools were mature enough for an insurance environment


The concern wasn’t AI itself, it was adopting it without understanding the risk.

The Process: Outcomes over Features

We started with outcomes, not tools.


Together, we discussed:

  • What the agency hoped to gain from AI

  • Which teams would use it and how

  • The types of documents or data that might be involved

The Solution: A Framework for Vetting AI Offerings

From there, we created a standardized vendor questionnaire designed to evaluate AI tools through a cybersecurity and IT lens.


The questionnaire covered areas such as:

  • Data retention and deletion processes

  • SOC 2 and compliance alignment

  • Internal IT and cybersecurity standards

  • Data isolation and tenant separation

  • How customer data is used (or not used) to train models


The goal was to facilitate adoption, not slow it down.

Client Response: Clarity

The agency stated they had clarity and confidence.


Having a structured questionnaire meant the agency finally had:

  • A clear way to ask the right questions

  • Confidence engaging vendors in meaningful conversations

  • A process they could reuse, not just for AI, but for any SaaS tool


What had felt overwhelming suddenly became manageable.

Smarter Vetting Leads to Stronger Partnerships

The impact didn’t stop with documentation.

The agency has since:

  • Used the questionnaire with multiple vendors

  • Asked Elevate to review responses and provide scored feedback on cybersecurity and IT maturity

  • Quickly identified vendors that were not ready for sensitive data

  • Prioritized partners that demonstrated strong security practices


As a result, they were able to move forward with AI exploration while actively reducing risk.


Learn More

If your firm needs help navigating IT risk, cybersecurity planning, or simply wants a trusted advisor to lean on, we’re here to help. Schedule a conversation today.

 
 
bottom of page